PSnmap

Port scanning done “silently” with PowerShell does not require administrative privileges, which makes it a useful tool where nmap (or similar tools) is not an option (due to time and/or authorisation constraints).

The PSnmap module uses PowerShell's built-in capabilities for port scanning.

  • Install module
Install-Module -Name PSnmap -Scope CurrentUser
  • Check if module is installed
Get-Module -ListAvailable
  • Set Execution Policy
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
  • Import module
Import-Module -Name PSnmap
  • Run scans, e.g.:
PSnmap -Cn 192.168.1.1 -ThrottleLimit 5 -Timeout 5 -PortConnectTimeoutMs 5 -Verbose > test.txt
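As an added example (not part of the original page or of the PSnmap project), the wrapper below runs the same scan with an explicit port list and keeps the results as objects for CSV export, instead of redirecting verbose text to a file. It assumes that Invoke-PSnmap (the cmdlet behind the PSnmap alias) accepts -Port and -NoSummary and returns one object per host with boolean "Port <n>" properties; those come from the module's documentation, not from this page.

```powershell
# Added example: run PSnmap with an explicit port list and keep the results
# as objects (the page's "> test.txt" redirect stores only text).
# Assumption: Invoke-PSnmap exposes -Port and -NoSummary and returns one
# object per host with boolean "Port <n>" properties (module docs, not this page).
Import-Module -Name PSnmap -ErrorAction Stop

function Invoke-ThrottledPortCheck {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [int[]]  $Port = @(22, 80, 443, 3389),
        [int]    $ThrottleLimit = 5,          # concurrent runspaces
        [int]    $TimeoutSeconds = 5,         # per-host timeout (seconds)
        [int]    $PortConnectTimeoutMs = 500, # per-port TCP connect timeout (ms)
        [string] $CsvPath
    )

    $results = Invoke-PSnmap -ComputerName $ComputerName -Port $Port `
        -ThrottleLimit $ThrottleLimit -Timeout $TimeoutSeconds `
        -PortConnectTimeoutMs $PortConnectTimeoutMs -NoSummary

    # Reduce each host object to the ports that accepted the TCP connect.
    $summary = foreach ($r in $results) {
        $open = $r.PSObject.Properties |
            Where-Object { $_.Name -like 'Port *' -and $_.Value -eq $true } |
            ForEach-Object { [int]($_.Name -replace '^Port ', '') }
        [pscustomobject]@{
            ComputerName = $r.ComputerName
            Ping         = $r.Ping
            OpenPorts    = (@($open) | Sort-Object) -join ','
        }
    }

    if ($CsvPath) { $summary | Export-Csv -Path $CsvPath -NoTypeInformation }
    $summary
}

# Usage with constructed sample targets (replace with your own hosts):
Invoke-ThrottledPortCheck -ComputerName '192.168.1.1', '192.168.1.2' -Port 22, 443 -CsvPath .\scan.csv
```

The resulting CSV has one row per host with a comma-separated OpenPorts column, which is easier to diff between runs than the verbose text file.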

To scan more stealthily, adjust the throttle limit (a HIDS may detect resource-intensive processes) and the timeout values. See the full parameter list here.